小贝子编程

显示变量是未定义的,当我改变电子邮件,但它不显示当我改变其他形式



你好,我有一个脚本,用于在更新当前密码之前验证它。它工作,但当我试图更新电子邮件是显示未定义变量:pass但在其他形式中,它甚至没有显示出错误。如何修复?

这是html代码。

<?php
$user_email = $_SESSION['user_email'];
$sql = "SELECT * FROM users WHERE user_email = '$user_email'";
$query = $conn->query($sql);
$row = $query->fetch_array();
//  echo '<pre>' . var_export($_SESSION, true) . '</pre>';
?>
<div class="form-group">
<label class="d-flex justify-content-center"><strong>Update Information</strong></label>
<label>Fullname</label>
<input type="text" name="user_fullname" value="<?php echo $row['user_fullname']; ?>" class="form-control" placeholder="" required>
</div>
<div class="form-group">
<label>Email</label>
<input type="email" name="user_email" value="<?php echo $row['user_email']; ?>" class="form-control" placeholder="" required>
</div>
<div class="form-group">
<label>Current Password</label>
<input type="password" name="curpassword" class="form-control" pattern="(?=.*d)(?=.*[a-z])(?=.*[A-Z]).{8,}" 
title="Must contain at least one number and one uppercase and lowercase letter, and at least 8 or more characters"
placeholder="Enter Current Password" required>
</div>
<div class="form-group">
<label>Password</label>
<input type="password" name="password" class="form-control" pattern="(?=.*d)(?=.*[a-z])(?=.*[A-Z]).{8,}" 
title="Must contain at least one number and one uppercase and lowercase letter, and at least 8 or more characters"
placeholder="Enter New Password" required>
<input type="hidden" name="binder" value="<?php echo $user_email; ?>">
</div>
<div class="form-group">
<label>Confirm Password</label>
<input type="password" name="cpassword" class="form-control" pattern="(?=.*d)(?=.*[a-z])(?=.*[A-Z]).{8,}" 
title="Must contain at least one number and one uppercase and lowercase letter, and at least 8 or more characters"
placeholder="Confirm Password" required>
</div>
<input type="submit" name="submitna" value="Update" class="btn btn-success">
</form>
</div>
<div class="modal-footer">
<button data-dismiss="modal" class="btn btn-primary" type="button">Close</button>
</div>

这是php脚本

if(isset($_POST['submitna'])){
$binder = $_POST['binder'];
$user_fullname = $_POST['user_fullname'];
$user_email = $_POST['user_email'];
$curpassword = md5($_POST['curpassword']);
$password = md5($_POST['password']);
$cpassword = md5($_POST['cpassword']);
$sql = "SELECT * FROM users WHERE user_email = '$user_email' ";
$query = $conn->query($sql);
while($row = $query->fetch_array()){
$pass = $row['password'];
}
if($curpassword != $pass){
echo '<script>alert("Incorrect Current Password")
</script>';
}else if($password !== $cpassword){
echo '<script>alert("Password not matched")
window.location = "index.php"
</script>';
}else{
$sql="UPDATE users SET user_fullname=?, user_email=?, password=? WHERE user_email=?";
$stmt=$conn->prepare($sql);
$stmt->bind_param("ssss", $user_fullname, $user_email, $password, $binder);
if($stmt->execute()){
$_SESSION['user_email'] = $user_email;
echo '<script>alert("Information has been updated")
window.location = "index.php"
</script>';
}
}
}

只有当我试图更改电子邮件时才会出现错误。它的原因是什么?

如果没有匹配的电子邮件,获取结果的while循环将永远不会执行,因此您将永远不会设置$pass

在尝试使用从抓取中设置的变量之前,您需要检查查询是否返回了一行结果。

f(isset($_POST['submitna'])){
$binder = $_POST['binder'];
$user_fullname = $_POST['user_fullname'];
$user_email = $_POST['user_email'];
$curpassword = md5($_POST['curpassword']);
$password = md5($_POST['password']);
if ($_POST['password'] != $_POST['cpassword']) {
echo '<script>alert("Password not matched");window.location = "index.php"</script>';
exit;
}
$sql = "SELECT * FROM users WHERE user_email = ?";
$stmt = $conn->prepare($sql);
$stmt->bind_param("s", $binder);
$stmt->execute();
$result = $stmt->get_result();
$row = $result->fetch_array();
if (!$row) {
echo '<script>alert("Incorrect username")</script>';
} else {
$pass = $row['password'];
if($curpassword != $pass){
echo '<script>alert("Incorrect Current Password")</script>';
exit;
} else {
$sql="UPDATE users SET user_fullname=?, user_email=?, password=? WHERE user_email=?";
$stmt=$conn->prepare($sql);
$stmt->bind_param("ssss", $user_fullname, $user_email, $password, $binder);
if($stmt->execute()){
$_SESSION['user_email'] = $user_email;
echo '<script>alert("Information has been updated")
window.location = "index.php"
</script>';
}
}
}
}

其他点:

  • 将明文密码和密码确认相互比较,而不是与它们的哈希值比较,也不是与数据库比较。如果确认不匹配,则不需要对数据库做任何操作。
  • 当查询包含用户输入时,使用预处理语句。
  • MD5不是安全的密码哈希函数。我没有在这里展示,但是你应该使用password_hash()password_verify()
  • 您应该使用$binder而不是$user_email查找旧密码,就像在UPDATE查询中一样。$binder是他们隐藏输入的旧电子邮件,$user_email是他们更改的新电子邮件。

您的$pass变量正在被创建并设置为从这个查询的结果行'password': $sql = "SELECT * from users WHERE user_email = '$user_email' "

行'password'实际上是由该查询返回吗?如果没有,则$pass没有定义。

相关内容

  • 没有找到相关文章

最新更新


热门标签:

javascript python java c# php android html jquery c++ css ios sql mysql arrays asp.net json python-3.x ruby-on-rails .net sql-server django objective-c excel regex ruby linux ajax iphone xml vba spring asp.net-mvc database wordpress string postgresql wpf windows xcode bash git oracle list vb.net multithreading eclipse algorithm macos powershell visual-studio image forms numpy scala function api selenium